From 7510589e47e9f884515a9cdbd39a339b092fe14c Mon Sep 17 00:00:00 2001 From: erik Date: Wed, 20 Jul 2022 15:56:37 +0200 Subject: [PATCH] Migrated appini-configmap to appini-env-configmap We now have a basic config for our gitea installation. We might want to have a closer look on the security config. Also updated tests and gitea.cljc code with params and formating. --- src/main/cljc/dda/c4k_gitea/gitea.cljc | 11 ++- .../resources/gitea/appini-env-configmap.yaml | 77 +++++++++++++++++-- src/test/cljc/dda/c4k_gitea/gitea_test.cljc | 62 ++++++++++++--- valid-config.edn | 12 ++- 4 files changed, 144 insertions(+), 18 deletions(-) diff --git a/src/main/cljc/dda/c4k_gitea/gitea.cljc b/src/main/cljc/dda/c4k_gitea/gitea.cljc index 3e1a377..5a4a8c3 100644 --- a/src/main/cljc/dda/c4k_gitea/gitea.cljc +++ b/src/main/cljc/dda/c4k_gitea/gitea.cljc @@ -43,14 +43,23 @@ (defn-spec generate-appini-env pred/map-or-seq? ; TODO: fix this to require the merged spec of auth and config instead of any [config any?] - (let [{:keys [fqdn mailer-from mailer-host-port service-whitelist-domains]} config] + (let [{:keys [ + default-app-name + fqdn + mailer-from + mailer-host-port + service-whitelist-domains + service-noreply-address]} + config] (-> (yaml/load-as-edn "gitea/appini-env-configmap.yaml") + (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn)) (cm/replace-all-matching-values-by-new-value "FROM" mailer-from) (cm/replace-all-matching-values-by-new-value "HOSTANDPORT" mailer-host-port) (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-whitelist-domains) + (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address) ))) (defn-spec generate-secrets pred/map-or-seq? 
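Review bot: The new keys `default-app-name` and `service-noreply-address` are destructured from a `config` that is still specced as `any?`, so a config lacking them is accepted and presumably substitutes nil for `APPNAME` and `NOREPLY` instead of failing. Resolving the TODO on the `[config any?]` line with a spec that requires all six keys as strings would catch this at the function boundary. Because the replacements run in sequence on matching values, a configured value that equals a later placeholder (an app name of `FQDN`, for example) would likely be rewritten by the following step. A short docstring such as `"Fills the placeholders in appini-env-configmap.yaml; values must not equal a placeholder name."` would record that constraint.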
diff --git a/src/main/resources/gitea/appini-env-configmap.yaml b/src/main/resources/gitea/appini-env-configmap.yaml
index d836d8e..dbec048 100644
--- a/src/main/resources/gitea/appini-env-configmap.yaml
+++ b/src/main/resources/gitea/appini-env-configmap.yaml
@@ -4,19 +4,66 @@ metadata: name: gitea-env namespace: default data: + #[attachments] + GITEA__attachments__PATH: /data/gitea/attachments + + #[databaser] GITEA__database__DB_TYPE: "postgres" GITEA__database__HOST: "postgresql-service:5432" # Service.Namespace.svc.cluster.local GITEA__database__NAME: gitea - - GITEA__server__DOMAIN: FQDN - GITEA__server__ROOT_URL: URL + GITEA__database__LOG_SQL: "false" + GITEA__database__SSL_MODE: disable + GITEA__database__CHARSET: utf8 + #[DEFAULT] + GITEA__DEFAULT__APP_NAME: APPNAME # TODO: konfigurierbar machen + GITEA__DEFAULT__RUN_MODE: prod + GITEA__DEFAULT__RUN_USER: git + + #federation] + GITEA__federation__ENABLED: "true" + + #[indexer] + GITEA__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve + + #[log] + GITEA__log__MODE: console,file + GITEA__log__LEVEL: Info + GITEA__log__ROOT_PATH: /data/gitea/log + + #[mailer] GITEA__mailer__ENABLED: "true" GITEA__mailer__FROM: FROM GITEA__mailer__MAILER_TYPE: smtp GITEA__mailer__HOST: HOSTANDPORT - GITEA__mailer__IS_TLS_ENABLED: "true" + GITEA__mailer__IS_TLS_ENABLED: "true" + #[oauth2] + GITEA__oauth2__ENABLE: "false" + + #[picture] + GITEA__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars + GITEA__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars + GITEA__picture__DISABLE_GRAVATAR: "true" + GITEA__picture__ENABLE_FEDERATED_AVATAR: "true" + + #[repository] + GITEA__repository__ROOT: /data/git/repositories + GITEA__repository__DEFAULT_PRIVATE: last + GITEA__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo + GITEA__repository__TEMP_PATH: /data/gitea/uploads + + #[security] + GITEA__security__INSTALL_LOCK: "false" + + #[server] + GITEA__server__DOMAIN: FQDN + GITEA__server__SSH_DOMAIN: FQDN + GITEA__server__ROOT_URL: URL + GITEA__server__HTTP_PORT: 3000 + GITEA__server__SSH_PORT: 22 + + #[service] GITEA__service__DISABLE_REGISTRATION: "true" GITEA__service__REQUIRE_SIGNIN_VIEW: "false" GITEA__service__REGISTER_EMAIL_CONFIRM: "false" 
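Review bot: `GITEA__security__INSTALL_LOCK: "false"` leaves Gitea's first-run installation page enabled on an instance published under `ROOT_URL`, so whoever reaches it first can complete the setup, including the initial administrator account. The ConfigMap already supplies the database, server and mailer settings, so `GITEA__security__INSTALL_LOCK: "true"` looks like the intended value; the commit message itself defers the security section. `GITEA__database__SSL_MODE: disable` sends database traffic unencrypted to `postgresql-service`, which deserves a comment stating that it relies on cluster-internal networking. `GITEA__server__HTTP_PORT: 3000` and `GITEA__server__SSH_PORT: 22` are unquoted, and ConfigMap `data` values must be strings, so they should be `"3000"` and `"22"` like the other quoted values. The section comments `#[databaser]` and `#federation]` are misspelled.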
@@ -27,4 +74,24 @@ data: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true" GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true" GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true" - GITEA__service__NO_REPLY_ADDRESS: noreply \ No newline at end of file + GITEA__service__NO_REPLY_ADDRESS: NOREPLY + + #[session] + GITEA__session__PROVIDER_CONFIG: /data/gitea/sessions + GITEA__session__PROVIDER: file + + + + + + + + + + + + + + + + diff --git a/src/test/cljc/dda/c4k_gitea/gitea_test.cljc b/src/test/cljc/dda/c4k_gitea/gitea_test.cljc index e330ace..e09299d 100644 --- a/src/test/cljc/dda/c4k_gitea/gitea_test.cljc +++ b/src/test/cljc/dda/c4k_gitea/gitea_test.cljc 
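Review bot: `GITEA__service__NO_REPLY_ADDRESS` is documented by Gitea as the domain part appended to the user name for hidden e-mail addresses, but the test in gitea_test.cljc feeds the new `NOREPLY` placeholder a full address (`noreply@test.com`), which would presumably yield commit addresses containing two `@` signs. A comment next to the key such as `# domain only, e.g. noreply.example.org` would make the expected format explicit, and the test value should follow it. The hunk also appends a long run of whitespace-only lines after `GITEA__session__PROVIDER: file`; these should be dropped and the file ended with a single newline.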
@@ -12,24 +12,35 @@ (st/instrument `cut/generate-secrets) (deftest should-generate-appini-env - (is (= {:GITEA__server__DOMAIN-c1 "", - :GITEA__server__DOMAIN-c2 "test.com", - :GITEA__server__ROOT_URL-c1 "https://", - :GITEA__server__ROOT_URL-c2 "https://test.com", + (is (= {:GITEA__DEFAULT__APP_NAME-c1 "", + :GITEA__DEFAULT__APP_NAME-c2 "test gitea", :GITEA__mailer__FROM-c1 "", :GITEA__mailer__FROM-c2 "test@test.com", :GITEA__mailer__HOST-c1 "", :GITEA__mailer__HOST-c2 "mail.test.com:123", + :GITEA__server__DOMAIN-c1 "", + :GITEA__server__DOMAIN-c2 "test.com", + :GITEA__server__ROOT_URL-c1 "https://", + :GITEA__server__ROOT_URL-c2 "https://test.com", + :GITEA__server__SSH_DOMAIN-c1 "", + :GITEA__server__SSH_DOMAIN-c2 "test.com", :GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "", - :GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "abc.com,def.com"} - (ct/map-diff (cut/generate-appini-env {:fqdn "" + :GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", + :GITEA__service__NO_REPLY_ADDRESS-c1 "", + :GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} + (ct/map-diff (cut/generate-appini-env {:default-app-name "" + :fqdn "" :mailer-from "" :mailer-host-port "" - :service-whitelist-domains ""}) - (cut/generate-appini-env {:fqdn "test.com" + :service-whitelist-domains "" + :service-noreply-address "" + }) + (cut/generate-appini-env {:default-app-name "test gitea" + :fqdn "test.com" :mailer-from "test@test.com" :mailer-host-port "mail.test.com:123" - :service-whitelist-domains "abc.com,def.com" + :service-whitelist-domains "test.com,test.net" + :service-noreply-address "noreply@test.com" }))))) (deftest should-generate-certificate 
@@ -56,3 +67,36 @@ :mailer-pw "mailerpw"}))))) +(not + (= + {:GITEA__server__DOMAIN-c2 "test.com", + :GITEA__mailer__FROM-c1 "", + :GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", + :GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "", + :GITEA__mailer__HOST-c1 "", + :GITEA__service__NO_REPLY_ADDRESS-c1 "", + :GITEA__mailer__FROM-c2 "test@test.com", + :GITEA__mailer__HOST-c2 "mail.test.com:123", + :GITEA__server__ROOT_URL-c2 "https://test.com", + :GITEA__server__ROOT_URL-c1 "https://", + :GITEA__DEFAULT__APP_NAME-c2 "test gitea", + :GITEA__server__DOMAIN-c1 "", + :GITEA__DEFAULT__APP_NAME-c1 "", + :GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} + + {:GITEA__server__DOMAIN-c2 "test.com", + :GITEA__mailer__FROM-c1 "", + :GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", + :GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "", + :GITEA__mailer__HOST-c1 "", + :GITEA__service__NO_REPLY_ADDRESS-c1 "", + :GITEA__mailer__FROM-c2 "test@test.com", + :GITEA__mailer__HOST-c2 "mail.test.com:123", + :GITEA__server__ROOT_URL-c2 "https://test.com", + :GITEA__server__SSH_DOMAIN-c1 "", + :GITEA__server__ROOT_URL-c1 "https://", + :GITEA__DEFAULT__APP_NAME-c2 "test gitea", + :GITEA__server__SSH_DOMAIN-c2 "test.com", + :GITEA__server__DOMAIN-c1 "", + :GITEA__DEFAULT__APP_NAME-c1 "", + :GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"})) \ No newline at end of file diff --git a/valid-config.edn b/valid-config.edn index a0974dc..675193e 100644 --- a/valid-config.edn +++ b/valid-config.edn @@ -1,3 +1,9 @@ -{:fqdn "repo.test.meissa-gmbh.de" - :issuer "staging" - :postgres-data-volume-path "/var/postgres"} +{ +:default-app-name "Meissas awesome gitea" +:fqdn "$fqdn" +:issuer "$letsencrypt_endpoint" +:mailer-from "$mailer_from" +:mailer-host-port "$mailer_host_port" +:service-whitelist-domains "$service_whitelist_domains" +:service-noreply-address "$service_noreply_address" + }
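Review bot: The added top-level `(not (= {...} {...}))` form at the end of the file looks like pasted output of a failing assertion rather than a test: it sits outside any `deftest`, is evaluated when the namespace loads, and its result is discarded. It should be removed, since the difference it records (the `SSH_DOMAIN` keys present on only one side) is already covered by the updated `should-generate-appini-env`. The file also still ends without a trailing newline.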
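Review bot: `valid-config.edn` now holds unexpanded `$fqdn`-style placeholders, so it is only usable after a templating step that this commit does not show; passed directly to `generate-appini-env` it would produce a `ROOT_URL` of `https://$fqdn`. A header comment such as `;; template: the $variables are substituted before use` would say so, or the file could keep literal example values as before. `:postgres-data-volume-path` is removed without a replacement, so it is worth confirming that nothing still reads it.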